auditing pg_hba.conf - Mailing list pgsql-general

From JP Fletcher
Subject auditing pg_hba.conf
Date
Msg-id 4AF0B1A3.1080204@ca.afilias.info
Responses Re: auditing pg_hba.conf  (Scott Marlowe <scott.marlowe@gmail.com>)
Re: auditing pg_hba.conf  (Christophe <christophe@kryskool.org>)
List pgsql-general
Hi,

We manage hundreds of clusters and a handful of distinct pg_hba.conf
files across several sites.  We are mostly satisfied with our automated
method of management, but on occasion, someone will hand edit a
pg_hba.conf file, and some application will get locked out.  This is bad.
We'd like to be able to do a few things related to auditing pg_hba.conf:

1.  Store a copy of pg_hba.conf on server start or reload

2.  Have an audit trail that shows when particular rules were loaded.

3.  Compare the contents of pg_hba.conf to the rules that are actually
loaded.

4.  Alert the DBA when the rules loaded differ from the file that was
previously loaded.

We can accomplish #1 and #2 by having a shell command copy the file, or
by storing rules in a db table.  I'm not sure that #3 and #4 are
possible until we accomplish #1.  I'm not aware of any function or
catalog table/view that stores pg_hba rules.  I'm curious to know if
anyone has any suggestions, or has solved a similar problem.

Best Regards,

JP

--
JP Fletcher
Database Administrator
Afilias Canada
voice: 416.646.3304 ext. 4123
fax: 416.646.3305
mobile: 416.561.4763
jpfletch@ca.afilias.info
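
Added example, not part of the original message: one way to cover items 1, 2 and 4 from the file alone, by keeping a JSON-lines trail of normalized rule snapshots and reporting rule-level changes against the last one. The names `normalize`, `record_snapshot` and the trail file, and the sample rules, are assumptions made for this sketch.

```python
import difflib
import hashlib
import json
import os
import time

# Constructed sample files, not taken from the post.
BASELINE = """\
# managed copy
local   all   all                     md5
host    app   appuser   10.0.0.0/8    md5
"""
HAND_EDITED = """\
local   all   all                     md5
host    app   appuser   10.0.5.0/24   md5   # edited by hand
"""

def normalize(hba_text):
    """Active rules in file order; comments, blank lines and spacing dropped.
    Assumes no quoted values containing '#' or spaces."""
    rules = []
    for line in hba_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            rules.append(" ".join(fields))
    return rules

def record_snapshot(hba_text, trail_path, now=None):
    """Append a snapshot to the JSON-lines trail when the rules changed.
    Returns the rule-level diff against the last snapshot ([] if unchanged)."""
    rules = normalize(hba_text)
    previous = None
    if os.path.exists(trail_path):
        with open(trail_path) as fh:
            entries = fh.read().splitlines()
        if entries:
            previous = json.loads(entries[-1])["rules"]
    if rules == previous:
        return []
    # Line diff keeps rule order significant: pg_hba.conf is first-match-wins.
    diff = difflib.unified_diff(previous or [], rules, lineterm="", n=0)
    changes = [d for d in diff if d[0] in "+-" and not d.startswith(("+++", "---"))]
    entry = {
        "recorded_at": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(now)),
        "sha256": hashlib.sha256("\n".join(rules).encode()).hexdigest(),
        "rules": rules,
        "changes": changes,
    }
    with open(trail_path, "a") as fh:
        fh.write(json.dumps(entry) + "\n")
    return changes
```

Calling `record_snapshot` from whatever performs the start or reload leaves one trail entry per rule change, and a non-empty return value is the condition to alert on.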